The Open Web Application Security Project (OWASP) is a 501c3 not-for-profit worldwide charitable organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

Tuesday, April 8, 2014

April 8 Connector

Featured OWASP Project

OWASP Reverse Engineering and Code Modification Project

This project educates security professionals about the risks of reverse engineering and how to ensure that code cannot be reverse engineered or modified. If you are placing sensitive code in an environment in which an attacker can get physical access to that environment (read: mobile, desktops, cloud, particular geographies), you should be concerned with the risks of reverse engineering or unauthorized code modification. This umbrella project will help you understand the risks and how to mitigate them. For more information, please contact the Project Leader, Jonathan Carter.

New OWASP Projects

OWASP Pyttacker Project

The OWASP Pyttacker Project is a portable web server that includes the features every pentester needs when creating reports. It helps create PoCs that raise awareness within the business in a more descriptive way by demonstrating realistic but inoffensive "attacks" included as part of the tool. For more information, please contact the Project Leader, Mario Robles.

OWASP XSecurity Project

The OWASP XSecurity Project aims to provide the best free security tool integrated with the IDE to assist iOS developers in developing secure iOS apps. We now provide a security plugin for Xcode plus Clang static analyzer checkers for iOS application development. This plugin aims to reduce vulnerabilities introduced during development by detecting each vulnerability as it is being created. For more information, please contact the Project Leaders, Tokuji Akamine and Ramund Pedraita.

OWASP Incident Response Project

The OWASP Incident Response Project will provide users with a current set of tools and best practices for dealing with a hacked web application. For more information, please contact the Project Leader, Tom Brennan.

Phase I of the OWASP Portal is live

Logging into the portal will allow you to renew your membership and register for upcoming events, taking advantage of any individual or corporate membership benefits available to you.

The membership sign-up process has been simplified. New member signups will provide some basic demographic information, select their membership type, and complete the process. When you're logged into the portal, you can renew your membership in just a few clicks!

Once you have logged into the portal, you can register for upcoming events quickly and easily.

By clicking on the "My Account" tab, you can generate invoices and receipts, and view any new payment and registration history.

A community feature is included in the portal. Joining the community is not necessary to take advantage of the membership and event features. In the community, you can post new ideas, vote and comment on ideas, organize discussion groups, and connect with other OWASPers.

Additional features such as community resources, OWASP FAQ, awards and recognition, and a much improved donation process are just some of the enhancements that will be released during 2014.

Current OWASP members should check their inbox for their login instructions. Unique login ID information has been sent to you.

Membership is NOT required to access the portal. If you do not have a current membership and would like to access the portal, please CLICK HERE.

To sign up for a new membership, please CLICK HERE.

As always, if you have any problems or comments, please contact us at support@owasp.org

Global AppSec Events in 2014

AppSec LATAM 2014 - LATAM Tour (April 22 - May 9)

Registration is now open! Please refer to the tour pages for the location you want to register for.

In 2014, instead of holding an AppSec LATAM Conference, we are organizing a LATAM Tour, which we hope will bring LATAM community members together to spread the OWASP mission. Here are the scheduled stops for the tour:

Thank you to our renewed Corporate Members:

OWASP Member Spotlight - APAC 2014 Planning Team - Japan

As an organization driven by its membership community, it's high time we dedicate some space to recognizing YOU!

We would like to take this opportunity to congratulate and to sincerely thank the Japan team. This year's AppSec conference in Tokyo, Japan was immensely successful in promoting the OWASP mission in the Japan region.

The turnout this year was our largest to date, and we have received great feedback from attendees about speakers, session content and networking events.

The Organizing Committee is extremely proud to have been able to bring together more than 400 people from all over the world. Indeed, this is a great milestone in the history of our Global AppSec Conferences in the Asia Pacific region, and having your support and participation was priceless. THANK YOU!

OWASP Wins SC Magazine 2014 Editor's Choice Award

On Tuesday, February 25th, OWASP was awarded the 2014 SC Magazine Editor's Choice award.

As a volunteer-driven, non-profit organization, our contributors donate their time and expertise for the betterment of all.

It is exciting and rewarding for the entire community to be recognized for our continued efforts to increase application security!

To read the complete announcement, please visit the OWASP blog post.

Just for Fun

We would like to congratulate Roma Jain for submitting the first correct response to last issue's puzzle. Thank you to everyone who submitted your response. If you missed the question, you can find it on the OWASP Blog.

1) 2,1 cross bridge together, 1 come back leaving 2 on other side, min = 2+1
2) 5,10 cross bridge together, both stay there, 2 come back, min = 10+2
3) 1,2 go together, min = 2

Total min = 17

This issue's challenge

Midas has boxes in three sizes: large, medium, and small. He puts 11 large boxes on a table. He leaves some of these boxes empty, and in all the other boxes he puts 8 medium boxes. He leaves some of these medium boxes empty, and in all the other medium boxes he puts 8 (empty) small boxes. Now, 102 of all the boxes on the table are empty. How many boxes has Midas used in total?

Please submit your answers HERE

New OWASP Books

If you would like to purchase copies of OWASP titles, you can do so by accessing all available titles HERE.

Some of the most recent books available are: